"sshd-x[PID]: reverse mapping checking getaddrinfo for HOST.DOMAIN failed - POSSIBLE BREAKIN ATTEMPT!" error in /var/log/messages file
The Forward DNS record and Reverse DNS (PTR) record are not consistent with each other.
The system is trying to do a Reverse DNS lookup to match the connecting IP address with the hostname that is trying to connect, and fails to do so.
Nov 19 00:15:25 FireWall_001 [LOG_INFO] sshd-x: reverse mapping checking getaddrinfo for unknown.example.org failed - POSSIBLE BREAK-IN ATTEMPT!
- The host 192.168.81.8 is connecting to FireWall_001 over SSH.
- Lookup for the hostname associated with that IP address resolves to
- Resolving the IP address associated with unknown.example.org fails because either the IP address is not
unknown.example.org cannot be resolved.
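The round trip described above (IP address to hostname, then hostname back to IP address) can be reproduced from any machine that uses the same DNS servers. The following is an added example, not part of the original article; the status names and the sample records (including moved.example.org and good.example.org) are assumptions constructed for illustration.

```python
import ipaddress
import socket

def reverse_lookup(ip):
    """PTR lookup: hostname for ip, or None when no PTR record exists."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None

def forward_lookup(hostname):
    """A/AAAA lookup: set of address strings, empty when the name does not resolve."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(hostname, None)}
    except socket.gaierror:
        return set()

def check_reverse_mapping(ip, reverse=reverse_lookup, forward=forward_lookup):
    """Return (status, hostname) for the PTR -> forward round trip of ip."""
    hostname = reverse(ip)
    if hostname is None:
        return ("no-ptr", None)
    found = forward(hostname)
    if not found:
        return ("forward-unresolvable", hostname)
    # Compare parsed addresses so textual variants of the same IP still match.
    want = ipaddress.ip_address(ip)
    if want not in {ipaddress.ip_address(a.split("%")[0]) for a in found}:
        return ("forward-mismatch", hostname)
    return ("consistent", hostname)

# Constructed sample records standing in for a DNS zone (not real data).
SAMPLE_PTR = {
    "192.168.81.8": "unknown.example.org",   # PTR exists, name has no A record
    "192.168.81.9": "moved.example.org",     # PTR exists, A record points elsewhere
    "192.168.81.10": "good.example.org",     # PTR and A record agree
}
SAMPLE_A = {
    "moved.example.org": {"192.168.81.99"},
    "good.example.org": {"192.168.81.10"},
}

def sample_check(ip):
    """Run the check against the constructed records instead of live DNS."""
    return check_reverse_mapping(
        ip, reverse=SAMPLE_PTR.get, forward=lambda h: SAMPLE_A.get(h, set())
    )
```

Calling check_reverse_mapping("192.168.81.8") without the sample resolvers queries the system's configured DNS; any status other than "consistent" means the forward and PTR records for that client need to be corrected.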
Possible troubleshooting steps (the order of the steps does not matter):
- Verify that the DNS servers are configured correctly in the
- Add a manual entry for the relevant connecting machines into
- Disable lookup of the hostnames for connecting machines by setting the "UseDNS no" directive in the
- Do not use simple passwords for SSH. The best idea is to disable passwords altogether and use SSH keys only.
- Disable root login by setting the "PermitRootLogin no" directive in the
- Change the port the SSHD daemon is running on by setting the desired port in the "Port" directive or in the "ListenAddress IPv4_Address:Port" directive in the
- Change the shell for the nobody user to
Imported from Nokia support database